Simply put: encryption is important. Organizations across the globe use it to protect user privacy, digital assets and critical business components. However, as our adoption of encryption grows, cyber criminals are taking advantage of this larger playing field. Venafi has been particularly vocal about this risk. And now ears are pricking up across the industry.
Zscaler recently released a study on malicious threats that use SSL encryption. According to their research, over half (60%) of the transactions they process are delivered over SSL/TLS. However, the report also revealed Zscaler saw an average of 8.4 million* SSL/TLS-based security blocks per day this year, with 600,000 (7%) containing advanced threats.
Zscaler’s report shows that the volume of malicious content encrypted using SSL/TLS has more than doubled over the past six months. Every day, the cloud security company reports blocking 12,000 phishing attempts delivered over the encrypted protocol, which is a whopping 400% increase over 2016 figures.
The results of Zscaler’s study are very much in line with research Venafi has conducted on the rise of encryption and encryption-based cyber attacks.
Last December, we polled 505 IT professionals that manage keys and certificates in the U.S., U.K., France and Germany. According to our research, 86% of IT professionals saw strong growth in the use of keys and certificates in 2016. In addition, nearly half (49%) expected their key and certificate use would grow by more than 25 percent within the next 12 months.
However, few organizations are actively evaluating their organization’s traffic for encryption-based threats. According to a survey we conducted at RSA Conference 2017, nearly a quarter of the security professionals (23%) had no idea how much of their encrypted traffic was decrypted and inspected.
Overall, organizations are boosting their use of encryption and ignoring the potential risks the technology brings. Unfortunately, there is no excuse for this kind of obliviousness. 90% of CIOs we polled globally in 2016 said they had already been attacked or expect to be by hackers hiding in encryption. This is not an awareness issue; rather it is one about implementation.
Ultimately, Zscaler’s report shows that encryption-based cyber attacks will only continue to grow. It’s imperative for organizations to prepare for these kinds of threats in the future.
Is your organization able to safeguard against an attack that hides in encryption?